SECURITY-FLAGS(5)      Standards, Environments, and Macros     SECURITY-FLAGS(5)

NAME
     security-flags - process security flags

DESCRIPTION
     Each process on an illumos system has an associated set of security-flags
     which describe additional per-process security and exploit mitigation
     features that are enabled for that process.

     There are four sets of these flags for each process. The effective set
     (abbreviated E) is the set that currently applies to the process and is
     immutable. The inheritable set (abbreviated I) holds the flags that will
     become effective the next time the process calls one of the exec(2)
     family of functions; it is inherited as both the effective and
     inheritable sets by any child processes. The upper set (abbreviated U)
     specifies the maximal flags that a process can have in its inheritable
     set. The lower set (abbreviated L) specifies the minimal flags that a
     process must have in its inheritable set.

     The inheritable set may be changed at any time, subject to permissions and
     the lower and upper sets. To change the security-flags of a process one
     must have both permissions equivalent to those required to send a signal
     to the process and the PRIV_PROC_SECFLAGS privilege.

     Currently available features are:

     Address Space Layout Randomisation (ASLR)
             The base addresses of the stack, heap and shared library
             (including ld.so) mappings are randomised, and the bases of
             mapped regions other than those using MAP_FIXED are randomised.
             Currently, executable base addresses are not randomised, so the
             mitigation provided by this feature is currently limited.

             This flag may also be enabled by the presence of the DT_SUNW_ASLR
             dynamic tag in the .dynamic section of the executable file. If
             this tag has a value of 1, ASLR will be enabled. If the tag has a
             value of 0, ASLR will be disabled. If the tag is not present, the
             value of the ASLR flag will be inherited as normal.

     Forbid mappings at NULL (FORBIDNULLMAP)
             Mappings with an address of 0 are forbidden, and return EINVAL
             rather than being honored.

     Make the userspace stack non-executable (NOEXECSTACK)
             The stack will be mapped without executable permission, and
             attempts to execute it will fault.

     System default security-flags are configured via properties on the
     svc:/system/process-security service, which contains a boolean property
     per flag in the default, lower and upper property groups.

     For example, to enable ASLR by default you would execute the following
     command:

           # svccfg -s svc:/system/process-security setprop default/aslr = true

     This can be done by any user with the solaris.smf.value.process-security
     authorization. Since security-flags are strictly inherited, this will not
     take effect until the system or zone is next booted.

SEE ALSO
     psecflags(1), svccfg(1M), brk(2), exec(2), mmap(2), mmapobj(2),
     privileges(5), rbac(5)

illumos                          June 6, 2016                  SECURITY-FLAGS(5)
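As an added illustration (not illumos code), the following Python model captures the rules described above: the inheritable set may only move within the bounds of the lower and upper sets, exec(2) turns the inheritable set into the new effective set, and a DT_SUNW_ASLR tag of 1 or 0 overrides the inherited ASLR flag. It assumes, for simplicity, that the tag affects only the effective set of the new image and that a rejected change is reported as a False return value.

```python
# Added example (not illumos code): a model of the security-flag sets
# described in security-flags(5). Permission checks (signal rights and
# PRIV_PROC_SECFLAGS) are out of scope and not modelled.
from enum import Flag, auto


class SecFlags(Flag):
    NONE = 0
    ASLR = auto()
    FORBIDNULLMAP = auto()
    NOEXECSTACK = auto()


class Process:
    """The four per-process sets: effective (E) is immutable; inheritable (I)
    may be changed, but only so that L is a subset of I and I a subset of U."""

    def __init__(self, effective, inheritable, lower, upper):
        self.effective = effective
        self.inheritable = inheritable
        self.lower = lower
        self.upper = upper

    def set_inheritable(self, new):
        """Try to change I. Returns True on success; False models a rejected
        change (the requested set violates the lower or upper bound)."""
        if (new & self.lower) != self.lower or (new & self.upper) != new:
            return False
        self.inheritable = new
        return True

    def exec(self, dt_sunw_aslr=None):
        """Return the image after exec(2): I becomes the new E. A DT_SUNW_ASLR
        tag of 1 enables ASLR, 0 disables it, None (tag absent) inherits.
        Assumption: the tag only alters the effective set of the new image."""
        effective = self.inheritable
        if dt_sunw_aslr == 1:
            effective |= SecFlags.ASLR
        elif dt_sunw_aslr == 0:
            effective &= ~SecFlags.ASLR
        return Process(effective, self.inheritable, self.lower, self.upper)


def boot_process(default, lower, upper):
    """Sets of the first process after boot, taken from the default, lower and
    upper property groups of svc:/system/process-security: E and I both start
    as the default set (strict inheritance means nothing changes until reboot)."""
    return Process(default, default, lower, upper)
```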